VPN from phone to Mikrotik on iPhone. L2TP IPsec activation.

Igor Mullin
4 min read · Feb 9, 2022

It just so happens that I use only Android phones and have not run into the problems that iOS owners have, but they do have them: for example, they cannot connect via PPTP.

This is a translation of my article in Zen. Also, do not forget to read us in other services: Instagram, Telegram (RU, EN, DE), YouTube.

So, everything I wrote earlier is fully applicable for Android owners. Here, for review, I cite the previous articles:
1. VPN from your phone to Mikrotik. Get access to a smart home from anywhere in the world (RU)
2. We are deploying a home network on a guest. [Part 1] VPN → Home (RU)
3. We are deploying a home network on a visit. [Part 2] CAPsMAN via VPN. Expanding Wi-Fi coverage regardless of location (RU)

When the owner of one iOS device decided to connect to my network, it turned out that Apple unilaterally decided that PPTP was not secure and their customers did not need it. There are no third-party applications, and the owner did not want to buy an Android phone.

The only option was to add L2TP/IPsec access on the router, so that none of the old phones and devices would need to be reconfigured. Let's start…

We start with the firewall: if you have one configured (and you should have it configured!), it will not let through the traffic needed for the client authorization stages. Let's check that ports 1701, 1723, 500, 4500 are open.

Next, go to the IPsec settings and change the encryption settings to those provided by me. These settings were obtained empirically, based on recommendations from specialized forums.

Maybe I forgot to take a screenshot somewhere; if so, just write in the comments. I set it up a month earlier and something might have been forgotten…

We will create our own pool of addresses for clients.

Now we will create a new security profile in the tunnel profile.

And create the required number of users.

And the last step: let's allow IPsec to be used in the L2TP settings and create a password.

After completing all the above actions, everything should work. If not, then go to the logs and see what’s going on there. You can also look at the packet counter in the firewall to see if there is traffic.
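
The steps above as RouterOS terminal commands, as an added example that is not the author's configuration. The pool, profile and user names, the address range and the secrets are placeholders, and the IPsec encryption values from the article's screenshots are left out because they are not on this page.

```routeros
# Added example, not the author's configuration. Names, address range and
# secrets below are placeholders (assumptions); replace them with your own.

# 1. Firewall: let the L2TP/IPsec handshake reach the router.
#    These rules must sit above any final "drop" rule in the input chain.
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=500,4500 comment="IKE and NAT-T"
add chain=input action=accept protocol=ipsec-esp comment="IPsec ESP"
# Accept L2TP (udp/1701) only when it arrived inside IPsec, so an
# unencrypted L2TP session cannot be opened from the internet.
add chain=input action=accept protocol=udp dst-port=1701 ipsec-policy=in,ipsec comment="L2TP over IPsec only"
# tcp/1723 from the article's port list is the PPTP control port; it is
# needed only by the existing PPTP clients, not by L2TP/IPsec.

# 2. IPsec encryption settings: the article's values were shown in a
#    screenshot and are not reproduced here.

# 3. Address pool for VPN clients (constructed range).
/ip pool
add name=l2tp-pool ranges=192.168.89.10-192.168.89.50

# 4. PPP profile used by the tunnel.
/ppp profile
add name=l2tp-ipsec local-address=192.168.89.1 remote-address=l2tp-pool use-encryption=required

# 5. One secret per user, limited to the L2TP service.
/ppp secret
add name=iphone-user password="CHANGE-ME-user-password" service=l2tp profile=l2tp-ipsec

# 6. Enable the L2TP server with an IPsec pre-shared key.
#    use-ipsec=required rejects clients that try plain L2TP;
#    use-ipsec=yes would also admit them.
/interface l2tp-server server
set enabled=yes default-profile=l2tp-ipsec authentication=mschap2 use-ipsec=required ipsec-secret="CHANGE-ME-long-random-psk"

# 7. Troubleshooting, as the article suggests: logs and firewall counters.
/system logging
add topics=ipsec,!packet
add topics=l2tp
/log print where topics~"ipsec"
/ip firewall filter print stats where chain=input
```

If the counters on the udp/500 and udp/4500 rule stay at zero while the phone is connecting, the traffic is being dropped before it reaches the router or by an earlier rule in the chain.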

And that’s it, make your smart home smarter, brighter, more colorful, more informative, set up automation correctly to get maximum pleasure. You can also follow me on other sites: Instagram and Telegram (RU, EN, DE), LiveJournal, YouTube (new channel).


I'm a Hardware and Software Engineer and a PhD. In my professional activity I focus on such things as smart home systems and electric development.